Legal thoughts, since 2005.

Here is this week's Daily Record column. My past Daily Record articles can be accessed here.

*****

Illinois Bar permits lawyers to use cloud computing

When I first started writing about cloud computing use by lawyers in 2008, most lawyers had no idea what cloud computing was. These days, the concept of cloud computing - where your law firm’s data is stored offsite on servers owned and maintained by a third party - is much more familiar and accepted. It’s no longer the mystery that it once was, in large part because its use is so prevalent in the business world and because more than 20 jurisdictions have already addressed the issue of whether it’s ethical for lawyers to use cloud computing software to store their confidential client information and have concluded that it is permissible.

The latest jurisdiction to weigh in is Illinois. Last fall, in Opinion No. 16-06 (online: https://www.isba.org/sites/default/files/ethicsopinions/16-06.pdf), the Illinois State Bar Association considered this issue and concluded that the use of cloud computing by lawyers is permissible as long as reasonable care is taken to ensure that “client confidentiality is protected and client data is secure.”

In reaching this decision, the Committee acknowledged that mandating lawyers to take specific steps when vetting a cloud computing provider would be unwise due to the rapid pace of change in today’s world: “Because technology changes so rapidly, we decline to provide specific requirements for lawyers when choosing and utilizing an outside provider for cloud-based services. Lawyers must insure (sic.) that the provider reasonably safeguards client information and, at the same time, allows the attorney access to the data.”

However, the Committee did offer the following suggested areas of focus for lawyers to consider when questioning a potential cloud computing vendor: “Reasonable inquiries and practices could include: 1. Reviewing cloud computing industry standards and familiarizing oneself with the appropriate safeguards that should be employed; 2. Investigating whether the provider has implemented reasonable security precautions to protect client data from inadvertent disclosures, including but not limited to the use of firewalls, password protections, and encryption; 3. Investigating the provider’s reputation and history; 4. Inquiring as to whether the provider has experienced any breaches of security and if so, investigating those breaches; 5. Requiring an agreement to reasonably ensure that the provider will abide by the lawyer’s duties of confidentiality and will immediately notify the lawyer of any breaches or outside requests for client information; 6. Requiring that all data is appropriately backed up completely under the lawyer’s control so that the lawyer will have a method for retrieval of the data; 7. Requiring provisions for the reasonable retrieval of information if the agreement is terminated or if the provider goes out of business.”

Importantly, the Committee clarified that lawyers have a continuing duty to ensure that each vendor they use to store confidential client data in the cloud remains in compliance: “We do not believe that the lawyer’s obligations end when the lawyer selects a reputable provider. Pursuant to Rules 1.6 and 5.3, a lawyer has ongoing obligations to protect the confidentiality of client information and data and to supervise non-lawyers. Future advances in technology may make a lawyer’s current reasonable protective measures obsolete. Accordingly, a lawyer must conduct periodic reviews and regularly monitor existing practices to determine if the client information is adequately secured and protected.”

This Committee isn’t the first to require lawyers to revisit a cloud computing provider’s security measures on a regular basis. New York, is one of the many other jurisdictions that requires this as well. Because of this continuing duty, many lawyers choose to limit the number of integrations that connect to their primary cloud-computing platform. That way, the number of third parties that have access to your law firm's data is reduced and you have fewer companies to vet on a regular basis, making it easier to maintain your ethical obligations.

So, Illinois now joins the ranks of other jurisdictions that have considered this issue and green lighted lawyers’s use of cloud computing. It’s clear that cloud computing is here to stay. It offers law firms incredible benefits, including affordability, mobility, flexibility, convenience, data backup, and secure online storage. If you haven’t already considered using cloud computing software, such as legal practice management software, in your law firm, perhaps the time is now.

Search

disclaimer

This site is intended purely as a resource guide for educational and informational purposes and is not intended to provide specific legal advice. This site should not be used as a substitute for competent legal advice from a professional attorney in your state. The use and receipt of the information offered on this site is not intended to create, nor does it create, an attorney-client relationship.

Please feel free to contact me via e-mail or otherwise. However, please be advised that an attorney-client relationship is not created through the act of sending electronic mail to me.

The comments on this blog are solely the opinions of the individuals leaving them. In no way does Legal Antics or Nicole L. Black endorse, condone, agree with, sponsor, etc. these comments.

Further, any information provided on this blog or in the comments should be taken at your own risk.